diff --git a/samples/drvobj.py b/samples/drvobj.py
index 18ef744..613cf7b 100644
--- a/samples/drvobj.py
+++ b/samples/drvobj.py
@@ -73,8 +73,8 @@ def printDrvMajorTable( drvName ):
drvObj = typedVar( "nt", "_DRIVER_OBJECT", drvObjPtr )
- for i,k in drvObj.MajorFunction.items():
- dprintln( "MajorFunction[%d] = %s" % ( i, findSymbol( k ) ) )
+ for i in xrange( 0, len( drvObj.MajorFunction ) ):
+ dprintln( "MajorFunction[%d] = %s" % ( i, findSymbol( drvObj.MajorFunction[i] ) ) )
diff --git a/samples/proclist.py b/samples/proclist.py
index eb1a2c4..153e16d 100644
--- a/samples/proclist.py
+++ b/samples/proclist.py
@@ -14,9 +14,8 @@ def processInfo():
processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" )
for process in processList:
- dprintln( "".join( [ chr(i) for i in process.ImageFileName.values() ] ) )
+ print "".join( [chr(i) for i in process.ImageFileName if i != 0] )
- return
if __name__ == "__main__":
diff --git a/snippets/accessmask.py b/snippets/accessmask.py
index ba15a1f..7545d98 100644
--- a/snippets/accessmask.py
+++ b/snippets/accessmask.py
@@ -89,9 +89,9 @@ def parseMask(mask, maskSets) :
argc = len(sys.argv)
if argc == 1 :
- dprintln("Syntax: [object type] <hex mask>")
+ dprintln("Syntax: [object type] <;hex mask>;")
dprintln("Supported object types: process, thread, file, generic")
- exit("")
+ quit( "" )
type = (argc > 2 and sys.argv[1]) or "generic"
if argc > 2 :
diff --git a/snippets/export.py b/snippets/export.py
index 7f09c29..879a4f1 100644
--- a/snippets/export.py
+++ b/snippets/export.py
@@ -51,7 +51,7 @@ if __name__ == "__main__":
print "script is launch out of windbg"
quit( 0 )
- if len (sys.argv)<=0:
+ if len (sys.argv)<=1:
dprintln( "usage: !py export module_name ( export mask )" )
elif len( sys.argv ) == 2:
export( sys.argv[1] )
diff --git a/snippets/iat.py b/snippets/iat.py
index f765333..592f67e 100644
--- a/snippets/iat.py
+++ b/snippets/iat.py
@@ -60,7 +60,7 @@ if __name__ == "__main__":
print "script is launch out of windbg"
quit( 0 )
- if len (sys.argv)<=0:
+ if len (sys.argv)<=1:
dprintln( "usage: !py import module_name ( symbol name mask )" )
elif len( sys.argv ) == 2:
iat( sys.argv[1] )
diff --git a/snippets/ndis.py b/snippets/ndis.py
new file mode 100644
index 0000000..6787bbc
--- /dev/null
+++ b/snippets/ndis.py
@@ -0,0 +1,92 @@
+#
+#
+#
+
+import sys
+from pykd import *
+
+
+def printBreakLine():
+
+ dprintln( "\n=====================================================================================\n" )
+
+
+def printNdisObj():
+
+ ndis=loadModule("ndis")
+
+ ndisMajorVersion = ptrByte( ndis.NdisGetVersion + 1 )
+ ndisMinorVersion = ptrByte( ndis.NdisGetVersion + 3 )
+
+ mpList = typedVarList( ndis.ndisMiniportList, "ndis", "_NDIS_MINIPORT_BLOCK", "NextGlobalMiniport" )
+
+ printBreakLine()
+
+ for m in mpList:
+
+ dprintln( "Adapter:", True )
+
+ dprintln( "%s\tNDIS_MINIPORT_BLOCK( %x )" % ( loadUnicodeString(m.pAdapterInstanceName), m.getAddress(), m.getAddress() ), True )
+
+ if ndisMajorVersion >= 6:
+
+ lwf = m.LowestFilter
+
+ if lwf != 0:
+ dprintln( "\nLight-Weight Filters:", True )
+
+ while lwf != 0:
+
+ filt = typedVar( "ndis", "_NDIS_FILTER_BLOCK", lwf )
+
+ dprintln( "%s\tNDIS_FILTER_BLOCK( %x )" % ( loadUnicodeString(filt.FilterFriendlyName), filt.getAddress(), filt.getAddress() ), True )
+
+ lwf = filt.HigherFilter
+
+
+ opn = m.OpenQueue
+
+ if opn != 0:
+ dprintln( "\nBound protocols:", True )
+
+ while opn != 0:
+
+ openBlock = typedVar( "ndis", "_NDIS_OPEN_BLOCK", opn )
+
+ proto = typedVar( "ndis", "_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
+
+ dprint( "%s \tNDIS_OPEN_BLOCK( %x )" % ( loadUnicodeString( proto.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
+ dprintln( "\tNDIS_PROTOCOL_BLOCK( %x )" % ( proto.getAddress(), proto.getAddress() ), True )
+
+ opn = openBlock.MiniportNextOpen
+ else:
+
+ opn = m.OpenQueue
+
+ if opn != 0:
+ dprintln( "\nBound protocols:", True )
+
+ while opn != 0:
+
+ openBlock = typedVar( "ndis", "_NDIS_OPEN_BLOCK", opn )
+
+ proto = typedVar( "ndis", "_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
+
+ dprint( "%s \tNDIS_OPEN_BLOCK( %x )" % ( loadUnicodeString( proto.ProtocolCharacteristics.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
+ dprintln( "\tNDIS_PROTOCOL_BLOCK( %x )" % ( proto.getAddress(), proto.getAddress() ), True )
+
+ opn = openBlock.MiniportNextOpen
+
+
+ printBreakLine()
+
+if __name__ == "__main__":
+ printNdisObj()
+
+
+
+
+
+
+
+
diff --git a/snippets/ndis6.py b/snippets/ndis6.py
deleted file mode 100644
index d7d4da8..0000000
--- a/snippets/ndis6.py
+++ /dev/null
@@ -1,78 +0,0 @@
-#
-#
-#
-
-import sys
-from pykd import *
-
-
-def printBreakLine():
-
- dprintln( "\n=====================================================================================\n" )
-
-
-def printNdisObj():
-
- ndis=loadModule("ndis")
-
- nextMP = ptrPtr( ndis.ndisMiniportList )
-
- mpList = []
-
- while nextMP != 0:
-
- mp = typedVar( "ndis", "_NDIS_MINIPORT_BLOCK", nextMP )
- mpList.append( mp )
- nextMP = mp.NextGlobalMiniport
-
- printBreakLine()
-
- for m in mpList:
-
- dprintln( "Adapter:", True )
-
- dprintln( "%s\tNDIS_MINIPORT_BLOCK( %x )" % ( loadUnicodeString(m.pAdapterInstanceName), m.getAddress(), m.getAddress() ), True )
-
-
- lwf = m.LowestFilter
-
- if lwf != 0:
- dprintln( "\nLight-Weight Filters:", True )
-
- while lwf != 0:
-
- filt = typedVar( "ndis", "_NDIS_FILTER_BLOCK", lwf )
-
- dprintln( "%s\tNDIS_FILTER_BLOCK( %x )" % ( loadUnicodeString(filt.FilterFriendlyName), filt.getAddress(), filt.getAddress() ), True )
-
- lwf = filt.HigherFilter
-
-
- opn = m.OpenQueue
-
- if opn != 0:
- dprintln( "\nBound protocols:", True )
-
- while opn != 0:
-
- openBlock = typedVar( "ndis", "_NDIS_OPEN_BLOCK", opn )
-
- proto = typedVar( "ndis", "_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
-
- dprint( "%s \tNDIS_OPEN_BLOCK( %x )" % ( loadUnicodeString( proto.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
- dprintln( "\tNDIS_PROTOCOL_BLOCK( %x )" % ( proto.getAddress(), proto.getAddress() ), True )
-
- opn = openBlock.MiniportNextOpen
-
- printBreakLine()
-
-if __name__ == "__main__":
- printNdisObj()
-
-
-
-
-
-
-
-
diff --git a/snippets/vmcs.py b/snippets/vmcs.py
index 4e5f841..000c957 100644
--- a/snippets/vmcs.py
+++ b/snippets/vmcs.py
@@ -185,10 +185,13 @@ def vmcsPrint( addr ):
if __name__ == "__main__":
if not isSessionStart():
- print "script is launch out of windbg"
+ dprintln( "script is launch out of windbg" )
quit( 0 )
- vmcsPrint( int( sys.argv[1], 16 ) )
+ if len( sys.argv ) <= 1:
+ dprintln( "usage: !py vmcs " )
+ else:
+ vmcsPrint( int( sys.argv[1], 16 ) )